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ABSTRACT 

In developing Automotive Software, the developer can be preven ting in the logical defect of software by using a 
standard coding rules. The Coding guideline of MISRA-C is a coding rule that assures a high-reliability and 
high-quality. MISRA-C coding rule is required by automotive, airplane, manufacture and industry. In this paper, we will 
be applying the MISRA-C to target the software code of Active Control Engine Mount. And we will show a problems and 
solution that occurred after applying coding rule. As a result, it is expected that a software developer makes a 
high-reliability/high-quality of automotive software by reducing potential error of automotive software. 
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INTRODUCTION 

Recently, almost vehicles are equipped with an array of electronics designed to increase their safety, 
convenience, and eco-friendliness. An electric control unit (ECU) is responsible for user convenience and safety in 
the use of such automotive electronics. Owners of the latest-model vehicles now have access to a variety of 
services [ 1 ] [2] that require the synchronization of ECUs in a vehicle, so software installed in ECUs is on the rise. 
In many case, OSEK OS [3] [4] [12] which is the automotive operating system, is applied also. New functions made 
available in vehicles by advanced electronics are increasing software testing cost. Recall of vehicles for repair of 
electronics issues is taken seriously. 

After a large number of defects and malfunctions of vehicles have been found to be software issues, much 
effort is being made to prevent such issues by achieving a systematic improvement in software quality at the initial 
phases of development. A solution to such issues that has recently been discovered is static analysis of software at 
the commencement of development to minimize the chances of error [5] [6]. This method does not require a high 
level of maturity of the software developer, and effectively prevents issues and achieves reliability at a relatively 
low cost. 

In this study, an outline of cases where the MISRA-C 2004 coding guidelines [7] [8] were applied to 
active electronic control engine mount (AECM) source codes using the quintessential static analysis tool QAC [9] 
will be given. 

In Chapter 2 of this paper related research is introduced; static analysis methods and tools, and MISRA-C 
2004 are outlined; and arithmetic type conversion, one of the coding guidelines of MISRA-C 2004, is explained. 
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In Chapter 3, cases of application of MISRA-C 2004 coding guidelines to program source codes are introduced. In Chapter 
4, a conclusion is given and future research projects are outlined. 

RELATED WORKS 

• Electronic Control Engine Mount 

The role of an engine mount is support of the powertrain in the car body and insulation of excitation force 
transferred to the car body. Stable support of the powertrain requires high rigidity of the engine mount, whereas effective 
insulation requires low rigidity of the engine mount; this design discrepancy must be accommodated by the engine 
mounting system. 

The different types of engine mounts include the conventional mount made of rubber, the hydro mount with latex 
for powertrain movement control, the electronic active control mount designed to adjust mount rubber rigidity to suit 
driving conditions, and the ER/MR mount that uses electro-rheological fluid and magneto-rheological fluid in addition to 
the AECM technology for more precise control. An electronic AECM offsets vibration generated by a hybrid car engine 
and transferred to car body by generating out-of-phase driving force for improved ride comfort. Such an electronic AECM 
is made up of an actuator that generates driving force from inside the mount and a controller that supplies power and 
receives vibration signals for starting the actuator. An AECM and its controller, which includes control algorithms, are 
collectively referred to as an electronic control engine mount system. 

• Methods and Tools of Static Analysis of Code 

Defects in software that controls a vehicle are not just a matter of malfunction, but go so far as to cause injury or 
death, and even social issue. Needless to say, tremendous time and effort are invested into the prevention of such software 
defects. Despite resolution of serious software defects that took many years, automotive software is still being found with 
issues [10][11][13], 

Given the gravity of software issues, the effort made by software developers to identify potential error codes or 
errors at the initial phases of software development is an important one. 

There are two methods of analysis for finding defects or errors in program codes: static analysis and dynamic 
analysis. Static analysis breaks down the meaning of codes without executing codes to detect errors. Dynamic analysis 
compares predicted result of code execution with actual result of code execution to detect errors. Static analysis can be 
performed either by reading of codes by a developer or verifier, or by the use of an automated tool. Use of an automated 
static analysis tool enables source code analysis without program execution, and verification of adherence of analysed 
source codes to coding standards. Automated static analysis tools are frequently used for a more rigorous application of 
standards development methods and coding rules in a project. Common automated static analysis tools include LDRA, 
Code-Sonar, Prevent, QAC, and Poly-space. 

• MISRA-C 2004 

In the automotive, aerospace, railroad, control technology, and national defence industries where safety is 
prioritized, great effort is made to reduce software defects and errors. In the automotive industry, the Motor Industry 
Software Reliability Association promulgated the ISO C-based MISRA-C as the coding guidelines for the "C" 
programming language. 
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MISRA-C was announced in 1998 under the title "Guidelines for the Use of the C Language in Vehicle-based 
Software." In 2004, it was re-released as the "Guidelines for the Use of the C Language in Critical Systems" for application 
to other safety-prioritized systems in addition to vehicles. 5) The purpose of MISRA-C is reduction of software defects and 
errors, as well as the achievement of safety, compatibility, and reliability of the codes of embedded systems created using 
the ISO C language. 

The two application priority levels of MISRA-C are "required" and "advisory." MISRA-C 1998 includes 127 
coding rules, of which 93 are required and 34 are advisory. MISRA-C 2004 includes 142 coding rules, of which 122 are 
required and 20 are advisory. 
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Figure 1: MISRA-C 2004 Coding Guidelines 


CASE STUDY 


• Target and Environment of Application 

In this study, an automated static analysis tool was used to test the adherence of AECM source codes developed 
by Gyeongbuk Research Institute of Vehicle Embedded Technology to the coding standards. The testing and development 
environment used was "Freescale Code Warrior IDE." 

The MCU was used in the controller of the driving motor of an electric vehicle. This test verifies adherence to 
Rule 10 of MISRA-C 2004, "Arithmetic Type Conversion." 

• Result of Tool Test 

Figure 2 is shown the result of QAC tool analyse. And, result of MISRA-C 2004 application, which is of the 
highest importance, is shown in Table 1. 



| | (4) M2CM Rule 14.8 (221) 

| | (4) M2CM Rule 10.1 (189) 

| | (4) M2CM Rule 13.2 (145) 

| | (4) M2CM Rule 14.1 (116) 

| | (4) M2CM Rule 6.3 (105) 

| | (4) M2CM Rule 8.8 (63) 

^|(4)M2CM Rule 12,13 (56) 
| | (4) M2CM Rule 17.4 (37) 

| | (4) M2CM Rule 5.6(35) 

| | Others (250) 


Figure 2: Result of MISRA-C 2004 Coding Rule Analyse 
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Table 1: Result of Violated Rules 


Code Review 
Reference 

MISRA-C: 
2004 Reference 

Code Review Message 

M10.1 

Rule 10.1 

Implicit conversion of a complex integer 
expression to a smaller sized integer is not allowed. 

M10.1.1 

Rule 10.1 

Implicit conversion of an integer expression to a 
different signedness is not allowed. 

M14.8.3 

Rule 

The “do. .while” statement should contain a 

14.8 

compound statement { } . 

M14.8.4 

Rule 

The “for” statement should be followed by a 

14.8 

compound statement { } . 


The following is a description of the key coding rules. 


MISRA-C 2004 Rule 10.1: Conversion between different arithmetic types is liberal with C language, but type 
conversion of indistinct integers is not allowed. 

In general, coding rule 10.1 is accompanied by 10.2. 

MISRA-C 2004 Rule 10.2: If the below conditions present, a floating-point value must not be converted to 
another type discreetly. 

Not a conversion to a floating-point value larger than (a) 

• is a compound type 

• is the actual argument of a function 

• is a return type 

Coding rule 10.2 applies to the type conversion of the floating point. It dictates that discreet type conversion that 
may result in data loss must not be performed. The following is a portion of a kernel source code in violation of coding rule 
10 . 2 . 


#define CPU_CLOCK_FREQUENCY 40.0 
#define PIT_BASE_CNT_VAL 
( CPU_CLOCK_FREQUEN C Y) 
PITMTLD0 = PIT_B ASE_CNT_V AL; . 


The above sample code violates the coding rule by assigning a "double" value to an "unsigned char" variable. To 
avoid this violation, the following explicit type casting is required. 


#define CPU_CLOCK_FREQUENCY 40.0 
#define PIT_BASE_CNT_VAL 
(CPU_CLOCK_FREQUENCY) 
PITMTLD0= 

fdouble)PIT_BASE_CNT_VAL; 


MISRA-C 2004 Rule 14.8: In the use of the C language, the terms "for," 


"do," and "while" 


must include 


component braces. 


for (i=0 ; i<N_ELEMENTS; ++i) 

{ 

buffer[i] = 0 ; 

} 
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while (new_data_available) 
process_data (); 
service_whatchdog (); 

The above sample recommends that the { } component be set in the term "while." 

CONCLUSIONS 

This study expounded the use of an automated tool for an arithmetic type conversion of vehicle AECM source 
codes in adherence to MISRA-C 2004. Moreover, issues arising from the application of coding rules related to the 
arithmetic type conversion of MISRA-C 2004 to actual vehicle AECM source codes and their solutions were expounded. 

In future research errors and issues associated with software development will be analysed by using MISRA-C 
2004 coding rules not mentioned in this paper, as well as the other software analysis method of dynamic analysis. 
The results of actual improvement will be duly implemented. 
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